Drama on the Underground Hacking Scene as Black Hats Hack Each Other

The black hat hacker known as Peace, or Peace_of_Mind, has breached and defaced one of its rival’s websites over the weekend following several incidents that can be categorized as “hacker drama.”
Both hackers are quite notorious on underground hacking forums, and both have been behind well-known hacks and data dumps.

Peace is the hacker that has put up for sale data stolen from sites such as VK.com, Tumblr, LinkedIn, Fling.com, and the Linux Mint forums. Peace is known to frequent sites such as TheRealDeal Dark Web marketplace and the Hell Forum, where he is supposedly one of the portal’s key members.

Peace hacks w0rm
Over the weekend, Peace has hacked w0rm, the website of another hacker of the same name.

w0rm is mostly known for hacking high-profile US news publications such as the Wall Street Journal, Vice, and CNET, but most security aficionados know him for running his website, where w0rm regularly publishes proof-of-concept code for recent security vulnerabilities, and database dumps from breached websites. The website also has an active discussions forum, a place where hackers met to talk and sell knowledge or tools.

On Sunday morning, users that accessed w0rm’s website where greeted with a message that read: “~Hacked by Peace of Mind and prometheus for [expletive] with Hell Forum.”

The defaced website also contained the “supposed” photo and personal details of w0rm. Softpedia could not get in touch with w0rm before this article’s publication, nor could we verify the data’s accuracy.

Your reporter did find that w0rm had been doxed twice before, in October 2014 and September 2015, and it appears that Peace has posted the same data on w0rm’s frontpage.

w0rm has angered the wrong people
In a conversation with Softpedia, Peace confirmed that he hacked w0rm’s site. The hacker also told Softpedia the reasons why he attacked his rival.

“Thats [sic] a personal reason,” Peace said, “also he scammed a couple of ppl I know.” Peace was also dissatisfied with the fact that w0rm was stealing content from the Hell Forum, a closed community for high-end hackers, and re-posting the data on his website, where anyone could access it.

Peace’s explanation fits in w0rm’s mode of operation. Over the past years, w0rm has hosted the databases of many other hacked underground cybercrime forums, which was one of the reasons he was doxed twice in the past two years.

The dumped data mainly consists of the forum’s database, which includes user account details, passwords, and private messages.

Additionally, the dumped data also included the source code of an exploit kit called Hunter, which is not as famous as Neutrino, Nuclear, Angler, RIG, or Magnitude, but is one of the few exploits kits that are still active on the market today.